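This page aggregates CVEs and security vulnerability information across Zoho-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Published issues are often related to CSRF, memory corruption, and buffer overflow, and in the context of production workloads and software deployment may carry exposure risks such as memory corruption and application crashes.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |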
|---|---|---|---|---|---|---|
| CVE-2026-8174 | Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 5.7 | 0.37% | 2026-05-26 | 2026-06-17 |
| CVE-2026-2740 | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.4 | 1.70% | 2026-05-21 | 2026-06-17 |
| CVE-2026-3324 | Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.2 | 1.32% | 2026-04-16 | 2026-06-17 |
| CVE-2026-5785 | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.1 | 1.39% | 2026-04-16 | 2026-06-17 |
| CVE-2026-27655 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.53% | 2026-04-03 | 2026-06-17 |
| CVE-2026-4108 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.54% | 2026-04-03 | 2026-06-17 |
| CVE-2026-4107 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.52% | 2026-04-03 | 2026-06-17 |
| CVE-2026-3880 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.54% | 2026-04-03 | 2026-06-17 |
| CVE-2026-3879 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.53% | 2026-04-03 | 2026-06-17 |
| CVE-2026-28703 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.54% | 2026-04-03 | 2026-06-17 |
| CVE-2026-28756 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.54% | 2026-04-03 | 2026-06-17 |
| CVE-2026-28754 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.54% | 2026-04-03 | 2026-06-17 |
| CVE-2026-1367 | Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.3 | 7.87% | 2026-02-23 | 2026-06-17 |
| CVE-2025-9226 | Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 4.6 | 0.42% | 2026-01-30 | 2026-06-17 |
| CVE-2025-9435 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | 0fc0942c-577d-436f-ae8e-945763c79b02 | 5.5 | 0.52% | 2026-01-13 | 2026-06-17 |
| CVE-2025-11669 | Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.1 | 0.72% | 2026-01-13 | 2026-06-17 |
| CVE-2025-11250 | Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 9.1 | 1.42% | 2026-01-13 | 2026-06-17 |
| CVE-2025-9787 | Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.1 | 0.91% | 2025-12-18 | 2026-06-17 |
| CVE-2025-11670 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.4 | 0.37% | 2025-12-15 | 2026-06-17 |
| CVE-2025-9227 | Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.5 | 0.36% | 2025-11-11 | 2026-06-17 |